Oops – Google May Have Been Letting App Devs Read Users’ Gmail

Facebook has been under fire these past few months (some say years) due to various privacy concerns, but it seems rivals like Google aren’t exactly squeaky clean, either. In fact, it’s been discovered that Google may have been letting its app developers read the Gmail of app users.

In this rather surprising twist, Google may have been allowing Android third-party developers to be viewing millions upon millions of messages in their Gmail application. This stems from the fact that looking into the Gmail access settings will allow users to actually agree to share data with developers. One tiny detail that might be missed includes the details and content of users.

However, what’s perhaps extremely alarming is the fact that both AI and humans will be able to access the entirety of Gmail content from users – including recipient addresses, time stamps, and other information. In fact, the associated consent form in Gmail may not be explicit enough with the reality that both human and AI “eyes” will be looking into the content of their users.

When asked for comment, Google said it only provides access to data when users consent, and only to developers of third-party applications that have “verified” their respective identities. These third-party developers should include clauses about monitoring emails in their privacy policies as well, and the kind of data they’re looking for should make sense with respect to the purposes of the application in question.

In a surprising twist, Google also said “sometimes” their employees will read the emails of users as well, although these only happen in “very specific cases.” In these “cases,” users should be able to ask Google – and therefore give consent – to read content for security purposes, such as when they need to investigate abuse or bugs. Sometimes, third-party applications may also request for personal information of users in extremely broad manners, such as mic and camera access, location access, and even message content. These happen via plugins, or even in other platforms that are designed to send and receive emails.

Unfortunately, regardless of Google’s “reasons,” this spells yet another potential disaster to the likes of Facebook’s debacle with Cambridge Analytica. To add insult to injury, these practices have been extremely common for years – third-party developers who have access to data such as Facebook may have potential for abuse, and then they may eventually fall under public and government scrutiny because of these discoveries.